Hello community, here is the log from the commit of package cpio for openSUSE:Factory checked in at Thu Mar 11 19:14:48 CET 2010. -------- --- cpio/cpio.changes 2009-12-26 11:52:30.000000000 +0100 +++ /mounts/work_src_done/STABLE/cpio/cpio.changes 2010-03-10 20:46:24.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Mar 3 09:29:23 UTC 2010 - mseben@novell.com + +- added heap_overflow_in_rtapelib.patch fix possible heap overflow in + rtapelib.c (bnc#579475) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- cpio-2.10-heap_overflow_in_rtapelib.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cpio.spec ++++++ --- /var/tmp/diff_new_pack.WrArQW/_old 2010-03-11 19:14:43.000000000 +0100 +++ /var/tmp/diff_new_pack.WrArQW/_new 2010-03-11 19:14:43.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package cpio (Version 2.10) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ Group: Productivity/Archiving/Compression AutoReqProv: on Version: 2.10 -Release: 5 +Release: 6 Summary: A Backup and Archiving Utility Source: %{name}-%{version}.tar.bz2 Patch2: %{name}-%{version}-use_new_ascii_format.patch @@ -43,6 +43,9 @@ Patch19: %{name}-%{version}-include_fatal_c.patch #PATCH-FIX-UPSTREAM cpio-2.10-close_files_after_copy.patch Patch20: %{name}-%{version}-close_files_after_copy.patch +#fix possible heap overflow in rtapelib.c bnc#579475 +Patch21: %{name}-%{version}-heap_overflow_in_rtapelib.patch +PreReq: %install_info_prereq PreReq: %install_info_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-lang = %{version} @@ -80,6 +83,7 @@ %patch18 %patch19 %patch20 +%patch21 -p1 #chmod 755 . #chmod u+w * #chmod a+r * ++++++ cpio-2.10-heap_overflow_in_rtapelib.patch ++++++
From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff
Date: Mon, 01 Mar 2010 08:49:03 +0000 Subject: Bugfixes in rtapelib
* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of their hardcoded values. * lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent potential overflow. --- diff --git a/lib/rmt.h b/lib/rmt.h index 50f037c..2ce9dc5 100644 --- a/lib/rmt.h +++ b/lib/rmt.h @@ -61,7 +61,7 @@ extern bool force_local_option; #define rmtcreat(dev_name, mode, command) \ (_remdev (dev_name) \ - ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \ + ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \ : creat (dev_name, mode)) #define rmtlstat(dev_name, muffer) \ diff --git a/lib/rtapelib.c b/lib/rtapelib.c index 02ad1e7..cb645db 100644 --- a/lib/rtapelib.c +++ b/lib/rtapelib.c @@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length) sprintf (command_buffer, "R%lu\n", (unsigned long) length); if (do_command (handle, command_buffer) == -1 - || (status = get_status (handle)) == SAFE_READ_ERROR) + || (status = get_status (handle)) == SAFE_READ_ERROR + || status > length) return SAFE_READ_ERROR; for (counter = 0; counter < status; counter += rlen, buffer += rlen) @@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument) || (status = get_status (handle), status == -1)) return -1; + if (status > sizeof (struct mtop)) + { + errno = EOVERFLOW; + return -1; + } + for (; status > 0; status -= counter, argument += counter) { counter = safe_read (READ_SIDE (handle), argument, status); -- cgit v0.8.2.1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org